
Fixes: gh-5190

Rob Winch 7 년 전
부모
커밋
afdefe7b13

+ 1 - 1
web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java

@@ -314,7 +314,7 @@ public class StrictHttpFirewall implements HttpFirewall {
 		int length = uri.length();
 		for (int i = 0; i < length; i++) {
 			char c = uri.charAt(i);
-			if (c < '\u0021' || '\u007e' < c) {
+			if (c < '\u0020' || c > '\u007e') {
 				return false;
 			}
 		}
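Review bot: The bounds in `if (c < '\u0020' || c > '\u007e')` are bare Unicode escapes with no comment, and the new lower bound lets a literal space through this check, which widens what the firewall accepts. A one-line comment above the condition would make the intended range reviewable, for example `// printable ASCII only: U+0020 (space) through U+007E (~); control characters and DEL are rejected`. The loop inspects the characters of `uri` as given, so this hunk does not show whether percent-encoded control characters are decoded first or checked elsewhere. The enclosing method starts and ends outside the hunk.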

+ 24 - 0
web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java

@@ -297,6 +297,30 @@ public class StrictHttpFirewallTests {
 		this.firewall.getFirewalledRequest(this.request);
 	}
 
+	@Test(expected = RequestRejectedException.class)
+	public void getFirewalledRequestWhenExceedsLowerboundAsciiThenException() {
+		this.request.setRequestURI("/\u0019");
+		this.firewall.getFirewalledRequest(this.request);
+	}
+
+	@Test
+	public void getFirewalledRequestWhenContainsLowerboundAsciiThenNoException() {
+		this.request.setRequestURI("/ ");
+		this.firewall.getFirewalledRequest(this.request);
+	}
+
+	@Test
+	public void getFirewalledRequestWhenContainsUpperboundAsciiThenNoException() {
+		this.request.setRequestURI("/~");
+		this.firewall.getFirewalledRequest(this.request);
+	}
+
+	@Test(expected = RequestRejectedException.class)
+	public void getFirewalledRequestWhenExceedsUpperboundAsciiThenException() {
+		this.request.setRequestURI("/\u007f");
+		this.firewall.getFirewalledRequest(this.request);
+	}
+
 	// --- from DefaultHttpFirewallTests ---
 
 	/**
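Review bot: The added boundary tests cover U+0019, U+0020, U+007E and U+007F, but none exercises a character above the ASCII range or a common control character such as CR or LF, which are the inputs a request firewall most needs to keep rejecting. A further case shaped like `getFirewalledRequestWhenExceedsUpperboundAsciiThenException` with `this.request.setRequestURI("/\u0080");` would pin the `c > '\u007e'` branch beyond DEL. The two no-exception tests pass when nothing is thrown and assert nothing about the returned request, which is acceptable here but worth a short comment saying so.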